wordpress blog stats
Connect with us

Hi, what are you looking for?

Database with personal information of over 275 million Indians hijacked: Report


An unprotected database with personal information of more than 275 million Indians has been hijacked by hackers, who may have stolen all or some of the data, reports Bob Diachenko, a security consultant and journalist at SecurityDiscovery.com. Diachenko said he found the unsecured and publicly indexed MongoDB database on May 1 and informed India’s Computer Emergency Response Team (CERT) at once.

However, the database was not secured, and on May 8 it was hacked by the Unistellar group, which wiped all the data. Diachenko said the records included people’s names, email, gender, date of birth, mobile phone number, current salary, employment history and current employer, education level and area of specialisation, and professional skills and functional area. He wrote that while the number of records stolen could be fewer that the total number exposed “it is still one of the biggest breaches reported in the region”. He said the database did not indicate who owned it but its structure hinted that it had been collected as part of a massive scraping operation. It was hosted on Amazon Web Services (AWS) infrastructure, and a reverse DNS lookup showed no results.

AmEx India’s database exposed for 5 days last October

Last October, Diachenko found that an unprotected MongoDB database with millions of records that belonged to American Express India had been accessible to anyone for more than five days. The database contained customers’ names, phone numbers, addresses, PAN numbers and Aadhaar IDs. He said that most of the data was encrypted but several collections were not. The largest non-encrypted collection of data had 689,272 records, including customers’ phone numbers, names, email addresses, and the type of card they owned. Another 2.3 million records were encrypted. Diachenko said that many of the entries had fields such as ‘campaignID’, ‘prequalstatus’ and ‘leadID’, which led him to suspect that the database was not managed by AmEx itself but by a subcontractor handling SEO or lead generation. He said AmEx secured the database soon after he informed them about it. The company told him there had been no authorised access and no customer data had been affected.

Advertisement. Scroll to continue reading.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...


By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...


By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

You May Also Like


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ